
‘Whaling’ attacks are on the rise


Several hackers are pretending to be high-level executives in the shipping industry to launch 'whaling attacks'. These attacks aim to steal credentials or even compromise the system. The hackers are targeting various types of employees with social engineering.

Whaling attacks are not new, but they are growing, with the FBI noting that these attacks resulted in losses of more than $12.5 billion during 2018.

Namely, scammers use social engineering to pretend to be high-level executives in order to trick victims into various actions, including opening malware attachments or transferring payments to suspicious accounts.

To do that, they first collect a lot of publicly available information about the targets, such as data from social-media pages and personal facts. After that, in a common scenario, they send e-mails to the victims saying that a supplier's bank details have changed for the next payment run to that supplier. To make the e-mail more credible, they use the correct logo and name so that the victim will recognize it. However, this is a scam, and once the payment is made the money is gone.

What is more, the hacker pretends to be the CEO or a high-ranking executive, using information gathered online about the victim. The scammers wait until the person they are impersonating posts that they are going on vacation or will be on a long flight, and then send an e-mail to someone in the finance team asking them to make an urgent payment. Attempts to validate the request often fail because that person is on a long flight, so the payment is made.

However, there are ways to prevent these attacks. According to Gard Club and DNV GL, these are the things you can do to improve cyber-security:

Do not let anyone uninvited into the system

This can be achieved by:

  • Securing the computers, by using antivirus and updating the systems;
  • Updating ship operation systems;
  • Using only company-approved software.

Personal awareness

  • Be very careful about the e-mails you receive;
  • Check the facts, such as the name of the person/company that sent the e-mail.

Infiltration by malware

To prevent a cyber criminal from infiltrating through malware:

  • Never insert anything into the computer before making sure it is clean;
  • Check the device that you want to insert for viruses offline;
  • Do not let third parties enter data alone.

Physical protection

Just like a door, computers must be protected physically as well. This can be done by:

  • Using ID card authentication;
  • Using long passwords of at least 8 characters that contain upper and lower case letters, numbers and symbols;
  • Protecting your passwords.

Segregated networks

  • No personal items must be connected to sensitive networks;
  • Secure the stations for file sharing;
  • Be careful what you share online and put tape over the camera on your laptop or computer.

In case of an attack

If an attack does happen after all, Gard Club and DNV GL recommend three steps that must be taken immediately after the attack is noticed:

  • Follow the company's procedures;
  • Report immediately to the supervisors;
  • Never pay the ransom and follow the company's procedures.

Source: safety4sea
